There’s much debate going on today about what to do if your organization gets hit by ransomware. There are really only two choices: pay it or don’t. And which side you come down on says a lot about your big-picture perspective.
Recently, U.S. mayors, at their yearly conference, which represents over 1,400 mayors from U.S. cities with over 30,000 people, adopted a resolution not to give in to ransomware demands. Of course, the mayors “admitted that ransomware attacks can result in the loss of millions of dollars and months of work to repair damage, but highlighted that paying the attackers only ‘encourages continued attacks on other government systems, as perpetrators financially benefit.’”
The mayors’ perspective is, we’re in this for the long haul and we want to discourage ransomware attackers. That can be an expensive proposition. In the case of the Baltimore, MD ransomware attack, “Officials refused to meet hacker demands for a ransom of $76,000 to unlock the systems, but have been saddled with an estimated $18 million in costs of restoring and rebuilding the city’s computer networks.”
Taking the other tack, LaPorte County, IN chose to pay $130,000 in ransom to their attackers. Perhaps they chose to do that because “LaPorte county’s insurance will reportedly cover $100,000 of the $130,000.” That takes a little bit of the sting off.
The problem’s getting worse. “Globally, losses from ransomware rose by 60 percent last year to $8 billion, according to data compiled by the Internet Society’s Online Trust Alliance.” So, the decision on what to do about ransomware is a big one.
What does the FBI say? They say don’t pay it. Of course, getting your systems back up and running isn’t their problem. Ask ten people what to do about ransomware and you’ll get eleven opinions.
What if you were given a third choice? Pay the ransom, try to solve the problem yourself or don’t get hit by ransomware in the first place? Everyone would choose the third, so why don’t they?
Somewhere around 97% of ransomware is the result of a successful phishing attack. Prevent phishing and you prevent ransomware. What percentage of these ransomware victims do you think were protected by phishing protection technology? Not very many.
Not implementing anti-phishing technology cannot be due to its cost. In the case of LaPorte County, IN, the ransom they paid could have covered the cost of phishing protection for every employee for almost 40 years.
So, why don’t cities and organizations jump on phishing protection technology? It’s not clear. But what is clear is that they should.
Phishing prevention technology is cloud-based, which means there’s no hardware or software to buy, install and configure. It works with any email service, on-premises or hosted. It’s incredibly affordable—just pennies a day per employee. And you can be up and running in 10 minutes.
Ten minutes. Pennies a day. No ransomware. You have no excuses.